From b4c35baa9e58e24dcc91aa5e901cd0ecb66cecbf Mon Sep 17 00:00:00 2001 From: Komal Yadav Date: Thu, 12 Feb 2026 06:18:10 +0000 Subject: [PATCH] Set up Maven profiles for release and snapshot updated updated updated updated updated updated Set up Maven profiles for release and snapshot updated updated updated updated updated updated updated --- .github/workflows/cloudbuild.yaml | 106 ++++++++++++++++ .github/workflows/tag-release.yml | 22 +++- pom.xml | 194 +++++++++++++++++------------- 3 files changed, 234 insertions(+), 88 deletions(-) create mode 100644 .github/workflows/cloudbuild.yaml diff --git a/.github/workflows/cloudbuild.yaml b/.github/workflows/cloudbuild.yaml new file mode 100644 index 000000000..474adeea2 --- /dev/null +++ b/.github/workflows/cloudbuild.yaml @@ -0,0 +1,106 @@ +# Copyright © 2025 Cask Data, Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +steps: + - name: 'gcr.io/cloud-builders/gcloud' + id: setup-gpg + entrypoint: 'bash' + secretEnv: ['GPG_KEY'] + args: + - '-c' + - | + set -e + # Set a persistent GPG home in /workspace so other steps can see it + export GNUPGHOME=/workspace/.gnupg + mkdir -p $$GNUPGHOME + chmod 700 $$GNUPGHOME + + # Configure loopback mode for non-interactive signing + echo "pinentry-mode loopback" >> $$GNUPGHOME/gpg.conf + echo "allow-loopback-pinentry" >> $$GNUPGHOME/gpg-agent.conf + + # Import the key directly from the secret environment variable + echo "$$GPG_KEY" | gpg --batch --import + echo "GPG key imported into $$GNUPGHOME." + + - name: 'gcr.io/cloud-builders/mvn:3.8-jdk-8' + id: maven-package + entrypoint: 'bash' + secretEnv: [ 'GPG_PASSPHRASE' ] + args: + - '-c' + - | + set -e + export GNUPGHOME=/workspace/.gnupg + + mvn deploy -B -V -DskipTests \ + - deploy + - -P + - common-artifacts, version-release + - Dgpg.passphrase="$${CDAP_GPG_PASSPHRASE}" + - -Dmaven.wagon.http.retryHandler.count=5 + - -Dmaven.wagon.httpconnectionManager.ttlSeconds=30 + + - name: 'bash' + id: create-exit-gate-manifest + entrypoint: 'bash' + args: + - '-c' + - | + # Correctly access the output variable from determine-deploy using $$_STEP_ID_KEY + if [[ "$$_DETERMINE_DEPLOY_IS_SNAPSHOT" == "false" ]]; then + set -e + MANIFEST_FILE="/workspace/exit_gate_manifest.textproto" + echo '# -*- protobuffer -*-' > "$${MANIFEST_FILE}" + echo '# proto-file: security/opensource/exit_gate_v1/onboarded/proto/publishing_manifest.proto' >> "$${MANIFEST_FILE}" + echo '# proto-message: PublishingManifest' >> "$${MANIFEST_FILE}" + echo '' >> "$${MANIFEST_FILE}" + echo 'publish_all: true' >> "$${MANIFEST_FILE}" + echo "Created manifest file: $${MANIFEST_FILE}" + waitFor: ['maven-package'] + + - name: 'gcr.io/cloud-builders/gsutil' + id: upload-exit-gate-manifest + entrypoint: 'bash' + args: + - '-c' + - | + set -e + GCS_MANIFEST_DIR="gs://oss-exit-gate-prod-projects-bucket/cloud-data-fusion/mavencentral/manifests/" + MANIFEST_FILE="/workspace/exit_gate_manifest.textproto" + MANIFEST_FILENAME="release_$$(date -u +%Y%m%d%H%M%S).textproto" + echo "Uploading manifest to $${GCS_MANIFEST_DIR}$${MANIFEST_FILENAME}" + gsutil cp "$${MANIFEST_FILE}" "$${GCS_MANIFEST_DIR}$${MANIFEST_FILENAME}" + echo "Manifest uploaded successfully. OSS Exit Gate process should now be triggered." + waitFor: ['create-exit-gate-manifest'] + + +substitutions: + _VERSION: '0.25.0-SNAPSHOT' + +# +#artifacts: +# mavenArtifacts: +# - repository: 'https://us-maven.pkg.dev/oss-exit-gate-prod/cloud-data-fusion--mavencentral' +# deployFolder: '/workspace/target/' +# groupId: 'io.cdap.plugin' +# artifactId: 'google-cloud' +# version: '${_VERSION}' + +options: + requestedVerifyOption: VERIFIED + machineType: 'E2_HIGHCPU_32' + + +availableSecrets: + secretManager: + - versionName: projects/cdapio-github-builds/secrets/CDAP_GPG_PASSPHRASE/versions/latest + env: 'CDAP_GPG_PASSPHRASE' diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml index 8d0c747e2..0f7761ebc 100644 --- a/.github/workflows/tag-release.yml +++ b/.github/workflows/tag-release.yml @@ -1,4 +1,4 @@ -# Copyright © 2022 Cask Data, Inc. +# Copyright © 2025 Cask Data, Inc. # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of # the License at @@ -18,7 +18,7 @@ jobs: release-job: runs-on: k8s-runner-build - if: ${{ github.ref_type == 'tag' }} + if: ${{ github.ref_name == 'oss-exit-gate' }} steps: - name: Get Secrets from GCP Secret Manager @@ -59,10 +59,24 @@ jobs: - name: Run tests run: mvn clean test -fae -T 2 -B -V -DcloudBuild -Dmaven.wagon.http.retryHandler.count=5 -Dmaven.wagon.httpconnectionManager.ttlSeconds=30 - - name: Publish to Maven Central + - name: Get Project Version + id: get_version + run: echo "VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT + + - name: Publish SNAPSHOT to Maven Central + if: ${{ endsWith(steps.get_version.outputs.VERSION, '-SNAPSHOT') }} run: mvn clean -B -V -DskipTests deploy -P release -Dgpg.passphrase=$CDAP_GPG_PASSPHRASE -Dmaven.wagon.http.retryHandler.count=5 -Dmaven.wagon.httpconnectionManager.ttlSeconds=30 env: CDAP_OSSRH_USERNAME: ${{ steps.secrets.outputs.CDAP_OSSRH_USERNAME }} CDAP_OSSRH_PASSWORD: ${{ steps.secrets.outputs.CDAP_OSSRH_PASSWORD }} CDAP_GPG_PASSPHRASE: ${{ steps.secrets.outputs.CDAP_GPG_PASSPHRASE }} - MAVEN_OPTS: '-Xmx3200m' \ No newline at end of file + MAVEN_OPTS: '-Xmx3200m' + + - name: Submit Build to GCB + if: ${{ ! endsWith(steps.get_version.outputs.VERSION, '-SNAPSHOT') }} + id: gcb + run: | + gcloud builds submit . \ + --config=cloudbuild-release.yaml \ + --project='cdapio-github-builds' \ + diff --git a/pom.xml b/pom.xml index 70a4f0b37..78a889fd9 100644 --- a/pom.xml +++ b/pom.xml @@ -904,6 +904,13 @@ + + + com.google.cloud.artifactregistry + artifactregistry-maven-wagon + 2.2.5 + + ${testSourceLocation} @@ -1058,93 +1065,112 @@ - release - - - - - org.apache.maven.plugins - maven-source-plugin - 2.2.1 - - true - - - - attach-sources - package - - jar-no-fork - - - - + common-artifacts + + + + + org.apache.maven.plugins + maven-source-plugin + 2.2.1 + + true + + + + attach-sources + package + + jar-no-fork + + + + - - - org.apache.maven.plugins - maven-javadoc-plugin - 2.9.1 - - -Xdoclint:none - - http://download.oracle.com/javase/${jee.version}/docs/api/ - - ${project.name} ${project.version} - - CDAP Licensed under the Apache License, Version 2.0.]]> - - - - - attach-javadoc - package - - jar - - - - + + + org.apache.maven.plugins + maven-javadoc-plugin + 2.9.1 + + -Xdoclint:none + + http://download.oracle.com/javase/${jee.version}/docs/api/ + + ${project.name} ${project.version} + + CDAP Licensed under the Apache License, Version 2.0.]]> + + + + + attach-javadoc + package + + jar + + + + - - org.codehaus.mojo - build-helper-maven-plugin - 3.3.0 - - - attach-artifacts - package - - attach-artifact - - - - - target/${project.artifactId}-${project.version}.json - json - - - - - - + + org.codehaus.mojo + build-helper-maven-plugin + 3.3.0 + + + attach-artifacts + package + + attach-artifact + + + + + target/${project.artifactId}-${project.version}.json + json + + + + + + - - org.apache.maven.plugins - maven-gpg-plugin - 1.5 - - ${gpg.passphrase} - ${gpg.useagent} - - - - - sign - - - - + + org.apache.maven.plugins + maven-gpg-plugin + 1.5 + + ${gpg.passphrase} + ${gpg.useagent} + + + + + sign + + + + + + + + + + version-release + + + artifact-registry + artifactregistry://us-maven.pkg.dev/oss-exit-gate-prod/cloud-data-fusion--mavencentral + + + + + + + release + + org.sonatype.central central-publishing-maven-plugin